Accounts

in case you get your hands on a mostly working apc ap9212 unit with an ap9606 comunications module of which you don't know neither ip address nor username/password you may want to try hacking the device via telnet because connecting to the serial port requires a special apc cable _and_ the port needs to be working as well. by the way I'm assuming an ip address has been configured (steady green status led) which prevents the ap9606 to respond to ip addresses set in the arp table by "arp -s".

1. find out the mac address by either attaching the ap9606 to a managed switch and just read the mac address listed for the port or attach it to another computer directly and listen to tcpdump to collect addresses.

2. find the ip address by attaching the ap9606 to a computer and listening to tcpdump. compare the output to the mac address you collected earlier and gather the address that makes sense. in my case it was an arp request and the wanted address was the one following "tell".

3. configure an ethernet interface for the same subnet and connect to the ip address you just found via telnet.

4. now you can log in as any user with the factory password TENmanUFactOryPOWER and dump some valuable information from the specific addresses of the device's flash memory using code "13". for example in my case "1d0" dumped the user/password and a bunch of other junk. The username started with "0u" followed by the username i.e. "0uadmin" and the password followed after a gap of 6x "FF" also in clear text.

5. exit with ctrl+a and re-login using the user/password you just gathered.

for configuring the ap606 I personally prefer the web-gui not because it is good but because the cli is just horrible.

now that you know how to hack the device you will probably want to find a way to secure it against others. me, too.

Faulbaer (it's fun to snmp-control the ports on this old pdu - it works well!)